REMARKS 

Claims 1-37 were presented for examination and were rejected. Applicants are hereby 
amending claims 1,5, 17, 26, 30, 35, and 36; and canceling claim 24. Support for all 
amendments is found in the application as originally filed. Reconsideration of this application as 
amended, and allowance of all claims remaining herein, claims 1-23 and 25-37 as amended, are 
hereby respectfully requested. 

In his sixth paragraph, the Examiner objected to the specification for failing to provide 
proper antecedent basis for the expression "computer-readable medium" that appears in claims 1- 
36. Applicants are hereby deleting this expression from their claims. Therefore, Applicants 
request the Examiner to withdraw his objection to the specification. 

In his seventh paragraph, the Examiner objected to claims 23 and 24 as being of improper 
dependent form for failing to further limit the subject matter of a previous claim. 

Applicants traverse this objection with respect to claim 23. Claim 23 introduces the new 
recitation of "filtering rules." Filtering rules are not recited in claim 1. 

Applicants are hereby canceling claim 24. 

For the above reasons, Applicants hereby request the Examiner to withdraw his objection 
to claims 23 and 24; and to allow claim 23 as amended. 

In his ninth paragraph, the Examiner rejected claims 1-36 under 35 U.S.C. §101 on 
grounds that the claimed invention is allegedly directed to non- statutory subject matter. 
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As discussed above, Applicants are hereby deleting the expression "computer-readable 
medium" from claims 1-36, and are expressly reciting the Web server, a hardware element, in 
these claims. Much as the Examiner has found that claim 37 passes muster under 35 U.S.C. 
§101, claims 1-36 are now in the same form as claim 37. 

For the above reasons, Applicants hereby request the Examiner to withdraw his rejection 
of claims 1-36; and to allow these claims as amended. 

In his eleventh paragraph, the Examiner rejected claims 1-9, 23-25, 28, 29, and 31-34 
under 35 U.S.C. § 103(a) as being unpatentable over Nguyen in view of Linehan . 

Presumably, the Examiner should have included claim 37 as part of this rejection, given 
the fact that he rejected claim 37 in his thirty-first paragraph, which is a subset of his eleventh 
paragraph. 

With respect to the rejection of claim 1, Applicants traverse the Examiner's statement 
that Nguyen discloses the identification of "which HTTP requests require additional user 
authentication information, such as usernames and passwords." The passage of Nguyen cited by 
the Examiner, column 16 lines 7-15, shows that in Nguyen the password is always present 
(assuming that the underlying pre-established offline protocol provided that passwords be 
present). There is no module in Nguyen , Linehan , or any combination thereof, that decides 
whether something needs to be authorized or not, much less authorized by a digital signature 
affixed by the buyer computer as recited in Applicants' claim 1 . 
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Furthermore, in his twelfth paragraph, second subparagraph, the Examiner refers to a 
block 170 in Figure IB of Nguyen. There is no block 170 in Figure IB of Nguyen . 

Further, in his twelfth paragraph, fourth subparagraph, the Examiner equates Nguyen 's 
block 2110 with Applicants' Internet server application, citing Nguyen column 71 lines 8-52. 
Item 21 10 is not mentioned in this passage of Nguyen . 

The Examiner also cites (in his twelfth paragraph, fifth subparagraph) the same passage 
for Nguyen 's item 2124, which the Examiner equates with Applicants' filter engine. Item 2124 
is not mentioned at this passage. 

Applicants traverse the Examiner's statement made in his fifteenth paragraph that 
Linehan states "that providing alternate authentication mechanisms results in a significant 
reduction in complexity, thereby improving the case [meaning "ease"] of implementation and 
overall performance." Linehan does not say that. Linehan says that moving the credit/debit card 
authentication function from the merchant to the issuer is what results in a significant reduction 
in complexity. Col. 4 lines 2-9. Providing alternate authentication mechanisms results in an 
increase, not a decrease, in complexity. 

In sum, the last clause of Applicants' claim 1 is not suggested by the cited references, 
whether these references are considered alone or together. 

Claims 2-9, 23-25, 28, 29, and 31-34 are all dependent claims, depending upon 
independent claims 1 and 30, respectively. Therefore, the patentability of these claims flows 
from the patentability of their parent independent claims. 
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Further with respect to the rejection of claim 2, Applicants traverse the Examiner's 
statement that Nguyen "discloses the filter engine is further adapted to identify HTTP requests 
that require accessing a service offered by the seller's bank and to formulate requests for the 
service". Identification implies decision-making. In Nguyen , the only decision-making that is 
disclosed is that forward converter 2124 decides if a request is an original request, an honest retry 
attempt, or a replay attack. Col. 70 lines 54-56. 

In his sixteenth paragraph, the Examiner appears to equate block 2102 with Applicants' 
filter engine. This is inconsistent with the Examiner's previous position, as enunciated in his 
twelfth paragraph, fifth subparagraph, wherein the Examiner equates Nguyen 's item 2124 with 
Applicants' filter engine. 

Further with respect to claim 2, Applicants traverse the Examiner's statement that 
Nguyen shows a bank interface that is adapted to reformat requests from the filter engine. 
Nguyen 's payment gateway system 140 does not reformat anything. Col. 15 lines 51-63. 

Finally with respect to claim 2, the Examiner cites Nguyen column 15 lines 51-63 for a 
discussion of a bank interface. However, no bank interface is mentioned at this passage of 
Nguyen . 

With respect to the rejection of claim 3, Nguyen 's column 15 lines 51-63 cited by the 
Examiner does not mention a filter engine, nor does it mention what the Examiner has previously 
characterized as Nguyen 's analogue to Applicants' filter engine (i.e., items 2102 or 2124), 
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With respect to the rejection of claim 8, the Examiner cites Nguyen column 12 lines 28- 
65. However, this passage does not mention the ISAPI which is the subject of claim 8. 

With respect to the rejection of claim 9, Applicants traverse the Examiner's statement 
that Nguyen teaches that the Internet server application is adapted to generate HTTP responses. 
HTTP responses are not mentioned in the two passages of Nguyen cited by the Examiner. 

With respect to the rejection of claim 23, Applicants traverse the Examiner's statement 
that Nguyen teaches that the filter engine determines whether an HTTP request contains data 
requiring authentication information, such as a username and password. The passage of Nguyen 
cited by the Examiner, col. 16 lines 7-15, shows that in Nguyen the password is always present 
(assuming that the underlying pre-established offline protocol provided that passwords be 
present). 

Also, the filtering rules of claim 23 are not disclosed in either of the cited references. 

With respect to the rejection of claim 25, Applicants traverse the Examiner's statement 
that Nguyen teaches that the filter engine is programmed to recognize HTTP requests transmitted 
by the Web browser that have been modified to include a special tag. A special tag is not 
mentioned in the passage of Nguyen cited by the Examiner (col. 16 lines 7-15). 

With respect to the rejection of claim 28, Applicants traverse the Examiner's statement 
that Nguyen teaches a filter engine providing an abstracted front end interface via an object 
oriented computer programming language remote method invocation. The passage of Nguyen 
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cited by the Examiner does not mention a filter engine, an abstracted front end interface, or a 
remote method invocation. 

With respect to the rejection of claim 29, Applicants traverse the Examiner's statement 
that Nguyen teaches a filter engine employing a rules class. The passage of Nguyen cited by the 
Examiner does not mention a filter engine or a rules class. 

With respect to the rejection of claim 31, Applicants traverse the Examiner's statement 
that Linehan teaches a bank interface designed with a plug-in based architecture. The passage of 
Linehan cited by the Examiner does not mention a plug-in based architecture. 

With respect to the rejection of claim 32, Applicants traverse the Examiner's statement 
that Linehan teaches a bank interface supporting an abstract front-end interface to allow 
communication via a plurality of middleware technologies. Linehan never says this about his 
acquirer gateway 206 (the analogue to Applicants' bank interface) anywhere. 

With respect to the rejection of claim 33 and 34, Applicants traverse the Examiner's 
statement that Linehan teaches a bank interface adapted to create and transmit OCSP requests or 
some type of a certificate status check module. Linehan does not mention an OCSP request or a 
certificate status check module. 

With respect to the rejection of claim 37, Applicants traverse the Examiner's statement 
that Nguyen identifies which HTTP requests from a buyer require authentication information of 
the buyer and which HTTP requests do not require authentication information of the buyer. The 
passage of Nguyen cited by the Examiner does not disclose or suggest this feature. 
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Further with respect to the rejection of claim 37, Applicants traverse the Examiner's 
statement that Nguyen creates a Web page for transmission to a browser controlled by the buyer, 
said Web page causing the browser to invoke a signing interface, said signing interface 
comprising a smart card containing a private key associated with the buyer. The passage of 
Nguyen cited by the Examiner does not show a Web page being created and sent to a browser. 

Further with respect to the rejection of claim 37, Applicants traverse the Examiner's 
statement that Nguyen identifies which HTTP requests require a service provided by an entity 
other than the seller and which HTTP requests do not require a service provided by an entity 
other than the seller. The two passages of Nguyen cited by the Examiner do not show this 
feature. Identification implies decision-making. The only decision-making in Nguyen is 
mentioned at Nguyen column 70 lines 54-56, wherein forward converter 2124 decides if a 
request is an original request, an honest retry attempt, or a replay attack. 

Further with respect to the rejection of claim 37, Applicants traverse the Examiner's 
statement that Nguyen shows an interface module coupled to the Web application and also 
located at the seller's Website. Nguyen 's payment gateway computer system 140 is not located 
at the seller's Website 130. Fig. 3. 

Further with respect to the rejection of claim 37, Applicants traverse the Examiner's 
statement that Nguyen shows an interface module adapted to receive from Web application 
requests for service from entities other than the seller. In the passage of Nguyen cited by the 
Examiner, the requests come from merchant computer system 130, i.e., the seller. Col. 15 lines 
51-63. 
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Further with respect to the rejection of claim 37, Applicants traverse the Examiner's 
statement that Nguyen shows an interface module which formats and transmits the requests. This 
feature is not shown in the passage of Nguyen cited by the Examiner, col. 15 lines 51-63. 

Further with respect to the rejection of claim 37, Applicants traverse the Examiner's 
statement that Linehan states "that providing alternate authentication mechanisms results in a 
significant reduction in complexity, thereby improving the case [meaning "ease"] of 
implementation and overall performance." As stated above, Linehan states that moving the 
credit/debit card authorization function from the merchant to the issuer is what results in a 
significant reduction in complexity. Col. 4 lines 2-9. Providing alternate authentication 
mechanisms results in an increase, not a decrease, in complexity. 

For the above reasons, Applicants hereby request the Examiner to withdraw his rejection 
of claims 1-9, 23-25, 28, 29, and 31-34; and to allow claims 1-9, 23, 25, 28, 29, 31-34, and 37 as 
amended. 

In his thirty-fifth paragraph, the Examiner rejected claims 10-16 under 35 USC § 103(a) as 
being unpatentable over Nguyen in view of Linehan , and further in view of Lin. 

Claims 10-16 are dependent claims depending upon independent claim 1, which, as 
discussed above, is patentable. Therefore, it follows that claims 10-16 are patentable as well. 

Furthermore, while Lin shows the use of a hash table, the purpose of Lin's hash table is 
different than the purpose of the hash table in Applicants' claims 10-16. Lin's hash table is used 
by an intermediate-tier server, not a server at a seller Web site as required by Applicants' claims, 
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to authenticate a client that is attempting to gain access to a remote data repository. See Lin 's 
Abstract; column 5 lines 14-15; and column 6 lines 60-62. In the present invention, on the other 
hand, the hash table is sent by an Internet server application located at a seller's Web site to a 
filter engine, also located at the seller's Web site, in order to help the filter engine identify those 
HTTP requests that contain data requiring a digital signature by the buyer computer, as recited in 
claim 1. 

Furthermore, there is no suggestion in Lin of a seller, a buyer, an Internet server 
application, or a filter engine, all of which are prominently recited in Applicants' claims. 
Therefore, Lm is a remote reference. There is no motivation, teaching, or suggestion for a skilled 
artisan to combine Lm with the other cited references. 

With respect to the rejection of claims 11-16, Applicants traverse the Examiner's 
statement that Nguyen (did the Examiner mean Lin?) teaches that the hash table comprises 
headers from a redirected HTTP request, a method of the redirected HTTP request, a 
content-type of a redirected HTTP request, a buyer computer's IP address, actual data in a 
redirected HTTP request, or a unique session ID. Neither Nguyen nor Lin shows these features. 

For the above reasons, Applicants hereby request the Examiner to withdraw his rejection 
of claims 10-16; and to allow these claims as amended. 

Applicants believe that this application is now in condition for allowance of all claims 
remaining herein, claims 1-23 and 25-37 as amended, and therefore an early Notice of Allowance 
is respectfully requested. If the Examiner disagrees or believes that, for any other reason, direct 
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contact with Applicants' attorney would help advance the prosecution of this case to finality, he 
is invited to telephone the undersigned at the number given below. 



Respectfully submitted, 



date of signature: 




Edward J. Radio 
Attorney Under Rule 34 
Reg. No. 26,793 



SONNENSCHEIN NATH & ROSENTHAL LLP 
P.O. Box 061080 

Wacker Drive Station, Sears Tower 
Chicago, IL 60606-1080 
tel.: (415) 882-2402 



cc: IP/T docket CH 
T. Ream (DSMS) 
K. Ruthenberg 
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